-
Entrance exam: Web attack prevention and defense
Test your knowledge of Web security to see if you'd benefit from our Intrusion Defense School lesson, "Web attack prevention and defense." Security School
-
Know your enemy: Why your Web site is at risk
In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Security School
-
Web Security School Entrance Exam Answers
Web Security School Entrance Exam Answers Security School
-
Web Security School Lesson 3
In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web ... Security School
-
Web Security School Lesson 1
Learn how to plan and perform a secure installation of your Web server's operating system and services. Security School
-
Web Security School Lesson 2
In Lesson 2 of Web Security School, guest instructor Michael Cobb explains what to expect and look for when analyzing an attack on your Web server. Security School
-
Quiz: Web attack prevention and defense
Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server. Security School
-
Infosec Know IT All Trivia: Application security
Put your knowledge of application security to the test. Quiz
-
Microsoft pushes security in IIS 6.0
Microsoft pushes security in IIS 6.0 Feature
- See More: Essential Knowledge on Web Application Security
-
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach? News | 27 Jan 2012
-
Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution. News | 10 Jan 2012
-
Twitter acquires WhisperSystems mobile security technology
Twitter acquired WhisperSystems, a firm that makes mobile encryption and firewall technology for Android devices. News | 28 Nov 2011
-
Web application risks exacerbated by social media ties, says ISACA
Ajax (Asynchronous JavaScript and XML), Flash and HTML5 enable a rich Web experience, but also give attackers an alarming number of ways to penetrate corporate networks. News | 26 Oct 2011
-
New Java 7 features improve security
New features in Java 7 aim at bolstering security by switching off weaker encryption schemes. News | 06 Sep 2011
-
Realities of dealing with Web app security flaws
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video | 01 Sep 2011
-
Black Hat 2011: Money for secure application development proves elusive
For most security teams, it’s still a struggle to find money for secure application development, according to a panel of Black Hat 2011 experts. News | 04 Aug 2011
-
New GrayWolf tool sheds light on Microsoft .NET application security
Black Hat 2011: A free Microsoft .NET application security tool helps programmers reverse-engineer .NET applications to manipulate and control them. News | 04 Aug 2011
-
Automated attack toolkits single biggest threat to Web apps, report finds
Automated attack tools are targeting directory traversal bugs, cross-site scripting errors, SQL injection flaws and remote file inclusion vulnerabilities. News | 26 Jul 2011
-
Gartner’s Ramon Krikken on Web application security scanners
In this video, learn how to get the most out of Web application security scanners, and the four key elements for a successful implementation. News | 23 Jun 2011
- See More: News on Web Application Security
-
Enabling secure Web development means treating vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in. Tip
-
How to review your Web application security assessment tools, strategy
Expert Cory Scott offers pointers for using Web application security assessment tools and developing an application security assessment strategy. Tip
-
Addressing the dangers of JavaScript in the enterprise
The dangers of JavaScript are no secret to security professionals. Expert Michael Cobb discusses enterprise JavaScript defense technology and tactics. Tip
-
Understanding the value of an enterprise application-aware firewall
Today's enterprise application-aware firewall technology offers a host of features to manage application and Web 2.0 traffic. Expert Michael Cobb takes a look at the features and how to make the most of them. Tip
-
Netsparker: Free Web app security testing tool
Testing Web applications is critical for maintaining a secure enterprise network. Learn how to use the community version of Netsparker for free Web app security testing capabilities. Tip
-
Financials and the need for software regression testing
Attackers target financial-services websites, making it critical that financial firms include regression testing and version control in their software development practices. Tip
-
Improving software with the Building Security in Maturity Model (BSIMM)
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)? Tip
-
Using unique device identification for bank website security
Almost everyone has been asked a password challenge question on a website. Learn how to prevent identity fraud with unique device identification. Tip
-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip. Tip
-
Preventing SQL injection attacks: A network admin's perspective
Your database administrators and application developers should certainly be following best practices to avoid SQL injections, but Michael Cobb explains how network admins can do their part to fight those security exploits. Tip
- See More: Tips on Web Application Security
-
Improving Web application security with automated attack toolkits
It may seem counterintuitive, but you can safely use automated attack toolkits to improve your Web application security. Nick Lewis explains. Answer
-
How to secure websites using the HSTS protocol
Learn how to use HTTP Strict Transport Security (HSTS) to secure websites and how HSTS stops the SSL-stripping form of man-in-the-middle attack by forcing browsers to use HTTPS for every later request. Answer
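As an added illustration of the header the answer above discusses (this is example code written for this page, not taken from the article), the following JavaScript parses a Strict-Transport-Security value per RFC 6797, flags settings that leave a downgrade window open, and shows the server-side rule that HSTS is only meaningful on HTTPS responses. The header strings in SAMPLES are constructed for the example, and parseHsts, auditHsts and hstsHeaderFor are hypothetical helper names.

```javascript
'use strict';

// One year in seconds: the minimum the browser preload lists require.
const ONE_YEAR = 31536000;

// Parse the directives of a Strict-Transport-Security header value.
// Returns null when the value carries no usable max-age, because a browser
// ignores such a header entirely (RFC 6797 section 6.1).
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  for (const raw of value.split(';')) {
    const directive = raw.trim();
    if (!directive) continue;
    const [name, val] = directive.split('=').map((s) => s.trim());
    switch (name.toLowerCase()) {
      case 'max-age': {
        const n = Number(val !== undefined ? val.replace(/^"|"$/g, '') : NaN);
        if (!Number.isInteger(n) || n < 0) return null;
        policy.maxAge = n;
        break;
      }
      case 'includesubdomains':
        policy.includeSubDomains = true;
        break;
      case 'preload':
        policy.preload = true;
        break;
      default:
        // Unknown directives are ignored by browsers; do the same here.
        break;
    }
  }
  return policy.maxAge === null ? null : policy;
}

// Report settings that still allow an SSL-stripping attacker a window.
function auditHsts(value) {
  const findings = [];
  const policy = parseHsts(value);
  if (!policy) return ['no valid max-age: header is ignored by browsers'];
  if (policy.maxAge === 0) findings.push('max-age=0 clears the policy');
  else if (policy.maxAge < ONE_YEAR) findings.push('max-age shorter than one year');
  if (!policy.includeSubDomains) findings.push('subdomains not covered');
  if (policy.preload && (policy.maxAge < ONE_YEAR || !policy.includeSubDomains)) {
    findings.push('preload present but preload-list requirements not met');
  }
  return findings;
}

// Server-side rule: emit HSTS only on HTTPS responses. Browsers discard the
// header on plain HTTP, and the very first visit stays unprotected until the
// host is in the browser preload list, so "preload" is worth adding.
function hstsHeaderFor(req) {
  if (req.scheme !== 'https') return null;
  return `max-age=${ONE_YEAR}; includeSubDomains; preload`;
}

// Constructed sample header values for the example, not captured from any site.
const SAMPLES = {
  weak: 'max-age=300',
  good: 'max-age=31536000; includeSubDomains; preload',
  broken: 'includeSubDomains',
};
```

Run auditHsts on each entry of SAMPLES: the weak value is flagged for its short lifetime and missing subdomain coverage, the broken one is reported as ignored because it has no max-age, and the good one produces no findings.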
-
Open source testing tools for Web applications: Website vulnerability scanner and recon tools
Google’s open source testing tools for Web applications can save organizations money and improve the security of Web apps. Answer
-
Insufficient authorization: Hardening Web application authorization
Insufficient authorization errors can lead to Web app compromises and data loss. Learn how to fix these authorization errors. Answer
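As an added example of the class of error the answer above addresses (code written for this page, not from the article), the following JavaScript shows a handler that authenticates the caller and then serves whatever record id the client asks for, next to one that routes every read through a single authorization check. RECORDS, ROLES and the handler names are constructed for the example; the audit function walks every (user, record) pair to confirm a deny-by-default policy actually holds.

```javascript
'use strict';

// Constructed sample data: two customer records and three accounts.
const RECORDS = {
  101: { owner: 'alice', body: 'alice statement' },
  102: { owner: 'bob', body: 'bob statement' },
};
const ROLES = { alice: 'user', bob: 'user', carol: 'admin' };

// Vulnerable: the caller is authenticated, but any record id named in the
// request is returned. Authentication is not authorization.
function vulnerableGetRecord(session, id) {
  if (!session.user) return { status: 401 };
  const rec = RECORDS[id];
  if (!rec) return { status: 404 };
  return { status: 200, body: rec.body };
}

// One authorization decision point: owners and admins may read a record.
function canRead(user, rec) {
  return ROLES[user] === 'admin' || rec.owner === user;
}

// Hardened: the same 404 is returned for "does not exist" and "not yours",
// so a caller cannot enumerate which ids are valid.
function hardenedGetRecord(session, id) {
  if (!session.user) return { status: 401 };
  const rec = RECORDS[id];
  if (!rec || !canRead(session.user, rec)) return { status: 404 };
  return { status: 200, body: rec.body };
}

// Exercise every (user, record) pair and list reads the policy should deny.
function auditAccessMatrix(handler) {
  const leaks = [];
  for (const user of Object.keys(ROLES)) {
    for (const id of Object.keys(RECORDS)) {
      const res = handler({ user }, id);
      if (res.status === 200 && !canRead(user, RECORDS[id])) leaks.push(`${user}->${id}`);
    }
  }
  return leaks;
}
```

auditAccessMatrix(vulnerableGetRecord) lists the cross-user reads the first handler allows; auditAccessMatrix(hardenedGetRecord) returns an empty list. The same matrix walk is a cheap regression test to keep in a project's suite whenever a new resource type is added.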
-
Microsoft security check: Is a Redmond Internet health check viable?
While it would be nice to check every computer for malware before allowing it on the Internet, expert Nick Lewis details why this is problematic. Answer
-
How an IIS Web application pool can help secure your enterprise
Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools. Answer
-
Debug and test Web applications using Burp Proxy
The Burp Proxy tool, part of the Burp Suite, has many useful features that test Web application security. Learn how to start using Burp Proxy. Answer
-
Using a Web application honeypot to boost security for Web applications
Honeypots can be a valuable tool for logging and analyzing intrusions, but do you know the disadvantages to setting up a honeypot? Expert Michael Cobb explains some honeypot best practices. Answer
-
Using virtual test labs for virtual software testing
Virtualization can cut your investment in hardware, floor space and general overhead, and virtual test labs are one way to do it. Expert Michael Cobb explains virtual software testing and how it can benefit your enterprise. Answer
-
How to convey the dangers of common Web application attacks
Is your enterprise management unaware of how serious Web application attacks are? Michael Cobb explains how to convey the dangers of common Web application attacks. Answer
- See More: Expert Advice on Web Application Security
-
Web application (Web app)
A Web application (Web app) is an application program that is stored on a remote server and delivered over the Internet through a browser interface. Definition
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)... Word
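As an added example for the definition above (written for this page, not taken from the glossary entry), the following JavaScript contrasts an Ajax endpoint that returns a bare JSON array to any cookie-bearing GET, which is the shape a cross-site <script src=...> tag can load, with a hardened version that requires POST plus a custom header a script tag cannot send, wraps the array in an object, and prefixes the body with an unparseable token. CONTACTS and the two simulated requests are constructed for the example; the handler names are hypothetical.

```javascript
'use strict';

// Constructed sample data standing in for an authenticated user's records.
const CONTACTS = [{ name: 'alice', email: 'alice@example.com' }];

// Token that makes the body a syntax error if evaluated as a script.
const ANTI_HIJACK_PREFIX = ")]}',\n";

// Vulnerable style: any GET carrying the session cookie receives a bare JSON
// array. A cross-site <script src="..."> sends that cookie, and a bare array
// literal is a valid script, which is what the hijacking technique relies on.
function vulnerableContactsHandler(req) {
  if (!req.cookies.session) return { status: 401, body: '' };
  return { status: 200, body: JSON.stringify(CONTACTS) };
}

// Hardened: reject GET, demand a header that only same-origin XHR/fetch code
// can set, return an object rather than an array, and add the prefix.
function hardenedContactsHandler(req) {
  if (!req.cookies.session) return { status: 401, body: '' };
  if (req.method !== 'POST') return { status: 405, body: '' };
  if (req.headers['x-requested-with'] !== 'XMLHttpRequest') return { status: 403, body: '' };
  return { status: 200, body: ANTI_HIJACK_PREFIX + JSON.stringify({ contacts: CONTACTS }) };
}

// The legitimate same-origin client strips the prefix before parsing.
function parseProtectedJson(body) {
  if (!body.startsWith(ANTI_HIJACK_PREFIX)) throw new Error('missing anti-hijack prefix');
  return JSON.parse(body.slice(ANTI_HIJACK_PREFIX.length));
}

// Would this response body parse as a script if pulled in via <script src>?
function isEvaluableAsScript(body) {
  try {
    new Function(body); // compiles only; nothing is executed
    return true;
  } catch (e) {
    return false;
  }
}

// Simulated requests. A <script> tag fetch is a GET with the cookie attached
// and no custom headers; a same-origin XHR can set both method and header.
const CROSS_SITE_SCRIPT_REQUEST = { method: 'GET', cookies: { session: 'abc' }, headers: {} };
const SAME_ORIGIN_XHR_REQUEST = {
  method: 'POST',
  cookies: { session: 'abc' },
  headers: { 'x-requested-with': 'XMLHttpRequest' },
};
```

Current browsers no longer let a cross-site page read a bare array loaded through a script tag, but the three controls shown here also block CSRF-style requests to the endpoint and survive future engine changes, so the pattern is still worth applying to JSON APIs that return per-user data.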
-
threat modeling
Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system... Word
-
dictionary attack
A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an e... Word
-
trigraph
Word
-
pen test (penetration testing)
Penetration testing (also called pen testing) is a tool for testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Word
-
cache cramming
Word
-
cookie poisoning
Word
-
anonymous Web surfing (Web anonymizer, SafeWeb)
Word
-
distributed denial-of-service attack (DDoS)
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Word
- See More: Definitions on Web Application Security
-
Countdown: Top 5 must-haves for your SDL security strategy
In this podcast, expert Cory Scott details the five most important elements to ensure enterprise SDL security for Web applications. Podcast
-
Web application attacks: Types and countermeasures
Video: Matasano Security's Cory Scott covers Web application attack types and how they target different layers of an application. Video
-
Mike Rothman on handling Web application security vulnerabilities
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video
-
Gartner’s Ramon Krikken on Web application security scanners
In this video, learn how to get the most out of Web application security scanners, and the four key elements for a successful implementation. Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
WASC Web Honeypot Project enters next phase
Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data. Video
-
PCI compliance requirement 6: Systems and applications
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 6: "Develop and maintain secure systems and applications." Video
-
Defending against Internet security threats and attacks
From buffer overflows to cross-site scripting, Web threats are many. Security researchers at Information Security Decisions 2008 discuss how to keep enterprises safe from these attacks (part 2 of 4). Video
-
The future of exploit vulnerability research
At Information Security Decisions 2008, security researchers discuss the most vulnerable network points and the future of the SDLC (part 1 of 4). Video
- See More: All on Web Application Security
About Web Application Security
Browse this section for the latest news, expert advice and learning tools on Web application security, including common threats and methods for protecting against them, Web application testing and assessment, and Web application firewalls, including how to deploy one.